Why Using the Cloud to Maintain HIPAA-Compliant IT Makes Sense

By Chris Preimesberger  |  Posted 2015-04-28

  • 2 - Reduced Costs Related to IT Maintenance

    When using a hosting provider, there is no need to maintain your own data. A managed hosting provider that is truly HIPAA-compliant will sign a Business Associate Agreement, provide core security services and conduct other essential monitoring and reporting tasks to ensure compliance with HIPAA regulations. Fixed monthly fees would enable you to instantly extend your IT department at a fraction of the cost it would take to buy the hardware up front and maintain the infrastructure and staff trained in HIPAA compliance.
  • 3 - Guaranteed Security and Compliance

    The rapid pace of cloud computing adoption presents some obvious concerns around security and compliance. Companies should be able to view security and compliance as an added benefit, not a burden. This is achievable by engaging a reputable hosting provider that can actually improve your data security and compliance while providing a service-level guarantee on your security.
  • 4 - Advanced Data Encryption Support for Data in Transit, at Rest

    Encryption should be a best practice for any security-conscious organization. The increase in cyber-threats and data theft presents a strong case for building an infrastructure that delivers strong computing performance without sacrificing data security. In fact, to meet HIPAA standards, data must be maintained in a manner that is unreadable, undecipherable and inaccessible to outside parties. This clause is usually addressed via encryption of data both while in transit and at rest.
  • 5 - Strong Virtual Networks Required

    HIPAA-compliant providers include robust VPN capabilities and Secure Sockets Layer (SSL) encryption products for data in transit. Depending on your application architecture, knowledgeable providers will have experience in implementing products for encrypting application services, databases or file repositories on disk. Although encryption is not a 100 percent guarantee, it is an essential piece of a multi-layered, compliant defense, as it ensures that data is protected even if accessed by unauthorized individuals.
  • 6 - Increased Physical Security in the Office

    Ensuring security around the office is extremely important. This includes using employee badges, monitoring guests coming in and out, and locking file cabinets, for starters. Moving sensitive data to a secure hosted facility increases the safety of data from internal threats as hosting providers employ many safeguards to protect their customers' data.
  • 7 - Increased Security Inherent in Cloud-Service Data Centers

    Health-care providers can restrict users from saving data to external drives and can prohibit the printing of protected documents. In addition, data centers are protected by a number of layers of security, including multiple levels of electronic building and facility access secured by magnetic locks, 24/7 on-site personnel, monitored and recorded closed-circuit cameras, mantraps and mandatory identity logging of all outside visitors.
  • 8 - Off-Site Backups, Disaster Recovery Services

    Highly available private cloud environments have redundancy built in, and compute resources are not shared with other customers' environments, which eliminates potential security risks. This setup integrates multiple types of backups in the event of an emergency, such as a natural disaster. Local backups are placed on a secondary disk within the data center and are available for fast data recovery. The data is also spun off to tape and sent to a facility outside the data center, addressing the off-site storage clause within the HIPAA regulations. If a disaster occurs that renders the data center unusable, the backups can be sent to another data center location.
  • 9 - Audit/Assessment Support

    Any company handling PHI or working with electronic medical records (EMR) is required to go through an annual HIPAA assessment, which ensures all proper safeguards are in place and up to industry standards. The assessment preparation process is extensive and requires strong data center expertise and experience in the health care IT space. Outsourcing this task can help free up resources to focus on growing the business as opposed to worrying about compliance and data center operations. Ideally, a chosen provider would have a dedicated compliance team to assist customers (and their customers) with completing compliance-related documentation.
 

The implementation of the federal Patient Protection and Affordable Care Act in 2010 and changes to the 2006 Health Insurance Portability and Accountability Act (HIPAA) have required adjustments in enterprise IT to handle these regulations effectively. Simultaneously, health care providers have migrated to electronic management of patient-protected health information, bringing the security of patient health information (PHI) to the forefront. Industry researchers at IDC estimate that 50 percent of health care organizations experienced between one and five cyber-attacks in 2014. IDC predicts that by 2020, 80 percent of health data will pass through the cloud. Non-compliance can be expensive: A data breach could lead to a $1 million fine from the federal Office for Civil Rights. Cloud-hosting providers are in the security business and have extensive experience that health care providers lack. This slide show, based on eWEEK reporting and input from cloud hosting service provider Connectria, offers insight into why organizations should use the cloud to maintain HIPAA-compliant IT.

 
 
 
 
 
 
 
 
 
 
 
